Challenges and Opportunities in Aviation Security

Dr. Agam N. Sinha
Vice President and Deputy General Manager, Center for Advanced Aviation System Development (CAASD), The MITRE Corporation

OPENING REMARKS

During this workshop, we have heard from a simple soldier and a simple businessman, so it is probably appropriate now for you to hear from a simple engineer. I will try to keep things very simple although the issues are very complicated. I believe that unless you really dissect a problem and attack its pieces you will never solve the whole problem.

Let me start with a story and you should listen up because at the end of my presentation a connection will be made and there will be a quiz! The story is about a mathematician, a scientist, and an engineer. Fifty meters in front of them is a vintage bottle of wine. All three people are asked to figure out how to get to it. The mathematician looks at the problem and says: First you go half the distance, then you go half that distance, then you go half that distance, and finally you get there but it will take a long time. The scientist looks at the problem and says: Let me do an experiment. So he brings out a mouse and cheese and a maze and sees that it can be done. So he concludes, Yes, it is possible, you can get at that object. The engineer says: I don't know anything. So he just starts walking, and within 30 seconds he reaches the bottle, picks it up, and goes away. That is the whole story. So please keep it in mind as I go through my presentation, because if it seems irrelevant right now, you will see how it is connected at the end.

THE CURRENT POSITION OF THE AVIATION INDUSTRY

I would like to give you a preview of where the industry currently is, because its position will determine what is a feasible path for moving forward.

As a result of the attacks of September 11, the Iraq war, and SARS, the international air transport association has stated that, as Dr. Gante mentioned, there was a $10 billion loss each year in 2001 and 2002, but for 2003 they are predicting a $10 billion loss in just the first half. That is a big concern for all the people involved in air transportation, and we are already experiencing some of the effects worldwide. In North America, U.S. Airways, United Airlines, and Air Canada have filed for bankruptcy. U.S. Airways has now emerged from it, and we expect United to emerge from it also, but it is a different airline that comes out of bankruptcy. In Europe, significant capacity reductions have been made by all the airlines. KLM posted a U.S. $472 million net loss. Lufthansa posted a 356 million Euro loss and is parking 70 of its aircraft. In Asia, Cathay Pacific has grounded one-third of its fleet, passenger numbers are down 65% compared to April 2002, and further down compared to May. Effectively, traffic is down 85% in that part of the world. Singapore Airlines, a flagship carrier that has always been profitable, is expected to lose U.S. $580 million. So nobody is safe economically in this environment.

However, instead of giving you only the doom and gloom, let me also remind you that historically traffic has returned after serious upheavals, such as the fuel shortage of the mid-seventies, the U.S air traffic controller strike of 1981, the economic downturn of the early eighties, and the Gulf War of the early nineties. In fact, if you look at a chart of air traffic, it goes up and down but the trend is always upward. All the economists and business analysts predict that traffic will come back, but to have it return to the year 2000 level will take from two to seven years depending on what happens to the economy. It will take several years, but rest assured that traffic will return.

SECURITY ISSUES FROM AN AVIATION PERSPECTIVE

With the above as a background, let me discuss current security issues from a civil aviation perspective. First of all, what is it we are trying to protect-what is our objective? There are three parts to that answer: we want to protect passengers and cargo; we want to protect our resources, including aircraft, airports, and ATC facilities; and we want to protect information, for which we need cyber security.

Second, what has changed? Our objectives have been the same for many years. So what is different? I would suggest to you that the answer is, everything has changed since the events I just mentioned. The world has changed and continues to change politically and militarily, with regional tensions erupting in various parts of the world. Threats have changed and are changing: chemical, biological and cyber attacks are becoming more prominent than military attacks. Terrorists are better organized, better financed, and better equipped than they have ever been before. They can probably get any type of sophisticated technology faster than some of our governments can.

Third, the fact is that we cannot continue to fight the last war. I do not think we need to work to protect against another September 11. Another incident of that kind is not likely; something new will be done, just as the attacks of September 11 were new when they occurred. Terrorists are getting smarter, so we need to be prepared to stop their future acts of terror. This is of course very easy to say and very hard to do, because we do not have the answers to several fundamental questions, such as, what threat are we prepared to meet? Where is an attack likely to take place? When is an attack likely to happen, and how will it be carried out? Without knowing the answers to these questions, it is very hard to prepare for what might occur. Someone mentioned earlier that it is hard to make predictions, especially if they are for the future. It is easy to predict the past, but hard to predict the future. In addition to the problem of what is likely, no form of protection, no system, offers a 100% guarantee that you will be successful. So we need to try to formulate the best threat-based risk-management approach. Cost is a major issue too, because you have to work with what you can afford while managing the effectiveness of what you have. The current economic status of users is also key to the air transportation system.

IN-PLACE SOLUTIONS

Now I would like to turn to current solutions, which come in different categories. Some solutions prevent and deter, and some manage consequences-they enable containment and response. A number of different solutions are already in place, but I am going to name just a few:

Physical checkpoints at airports-we all go through them, and we all complain about the two hours that it takes to board a flight, but these checkpoints are important;

Passenger/cargo pre-screening;

Secure IDs for people who work in and around airports;

Hardened cockpit doors;

Air marshals on flights;

Route conformance monitoring-the automation systems that track aircraft are better today than they have ever been and are in place in many countries;

Civil air patrol aircraft and military aircraft-they are in the air or can be quickly scrambled.

These and others are excellent solutions, but their effectiveness will depend on some very important features:

Shared information-this is an important factor but is very hard to achieve;

Coordinated command and control-coordinating the many entities, such as police, fire, and aviation personnel, in a particular country or across countries, is crucial;

Common situation awareness-everyone needs to understand the situation the same way;

Physical and cyber security.

REACHING FUTURE SECURITY GOALS

But how do we make this happen? Technology, I would claim, is not the issue. Technology is here, and available-in fact, there is more available technology than we can implement. We have satellite-based surveillance, down to half a meter. We have communications with very high reliability and very high bandwidth. We have computation power; today your watch probably does more than a computer did in 1965. We have data storage and retrieval capabilities at any level we desire. We have new technologies such as biometrics, which is enormously helpful for identifying passengers and threats. Looking to future technologies, there is a lot of work going on in nanotechnology, which should help us do wonderful things with less than half the weight of steel or even aluminum.

We have made progress in international cooperation, including some of the examples that have already been discussed by other presenters, such as polar routes over Russia. There is also the commonality between the Global Positioning System and the Russian satellite system GLONASS; you can get common receivers that can operate with both systems, and discussions with European agencies about these systems are going on. We have also seen worldwide implementation of reduced vertical separation minima, by which the altitude requirements between aircraft is reduced. There are many other examples of cooperation across countries, and they are all, of course, good signs of progress.

But there are still challenges that remain ahead of us, in the areas of policy, economics, coordination, and integration. I will give you just a few examples:

Policy issues related to cyber attacks. How are we going to insure that virus attacks that originate in a rogue country do not spread all over the world?

Policy issues related to individual privacy. In the U.S., this is a very hot political issue that is being debated right now. How much information can you gather about an individual? How much can you use?

Cooperation and coordination in information sharing. I talked about this earlier, and Esther Dyson mentioned the difficulty that the FBI and the CIA in the U.S. are having regarding information sharing. It is not only within a particular country, but across countries as well. Whether you call it interfacing, integrating, or interoperability, the end result is the same. Different systems need to work together, to be able to talk to each other. We need to cooperate and coordinate across boundaries, whether they represent different agencies or different nations.

Funding. We cannot forget that everything comes back to money. How are we going to be able to fund the paths we choose? We have to talk about that. We also have to talk about how government and the business sector, the military and the civil sectors are going to partner on funding issues.

CLOSING THE KNOWING-DOING GAP

I would like to leave you with a special challenge before I summarize. The special challenge is to close the "knowing-doing gap." It is necessary to know what to do, but that is not enough, because doing is what matters.

Remember the engineer and the mathematician and the scientist? All of them knew what had to be done, but the engineer is the one who did it. The point is that, at this workshop, where we have heard from political leaders and from military leaders, everyone knows what needs to be done. But now we need to do it.

Sometimes the simplistic approach is best when you have to do something big; you start by taking the first step. I think we need to collectively define what that first step is, and also who is going to take it. That will move us forward much more than knowing in detail what needs to be done over the next 15 years.

CONCLUDING REMARKS

In conclusion, I would like to say that aviation has always been and always will be global. There are no visible state boundaries at 33,000 feet, and you do not pass a checkpoint that says you are now entering such and such a country. So threats to aviation are global, and solutions to those threats, involving technology, policy, procedures, and people, must also be global. This requires, more than ever before, coordination and cooperation between agencies of a particular country as well as among organizations across country boundaries. It also requires closing the "knowing-doing gap."